The http-userdir-enum is an NSE script of a tool called Nmap, that allows the attacker to enumerate valid usernames that are present and are in a running state on the target system or host with the mod_usedir module. This NSE script of Nmap uses the HTTP requests method to send packets to the target system and enumerates the valid user present on the target system. An HTTP response with status 200 or 403 means that the username is most likely present and valid and later on the basis of the status code, after getting the result of the script, we can manually verify if the user is present on the target system.
http-userdir-enum NSE arguments Script:
- http-userdir-enum.users: List of usernames with the filename
- http-userdir-enum.limit: Maximum numbers of users to check the target system
- slaxml.debug
- http.host,http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
Usage:
You can use the script with the “–script” option and state the name of the script.
$ sudo nmap -sV –script=http-userdir-enum <target IP>
To pass the above arguments you can use the “–script-args”. For Example:
$ sudo nmap –script=http-userdir-enum –script-args http-userdir-enum.limit=value <target IP>
$ sudo nmap –script=http-userdir-enum –script-args http-userdir-enum.users=<value> <Target IP>
Example:
Output:
80/tcp open http syn-ack Apache httpd 2.2.9 |_ http-userdir-enum: Potential Users: root (403), user (200), test (200)